London, 15 March 2016 – Businesses in the UK are putting the confidential information of their customers and employees at risk by not disposing of electronically-stored data securely, the UK’s largest information destruction company has warned today.

Research from Shred-it reveals that two fifths (40%) of SME business owners have never disposed of electronic devices containing confidential information, such as hard drives, while a third (35%) do it less than once a year. In comparison, over half (56%) of larger organisations dispose of these devices every 2 to 3 months, according to Shred-it’s fifth annual Security Tracker survey[1]. Worryingly however 14% of larger businesses never securely destroy this type of digital storage or do it less than once a year. As larger companies often hold vast quantities of customer data, this is a real concern for all of us as consumers.

Storing redundant electronic devices in the office could lead to inadvertent breaches and offers a goldmine of sensitive information for data thieves. The loss or theft of hard drives containing confidential information, such as employee details and client information, puts businesses at significant financial, legal and reputational risk. Currently, the largest data breach fine issued by the body responsible for enforcing the Data Protection Act (the ICO) is £325,000, following the discovery of highly-sensitive data on hard drives sold on an online auction site[2].

Shred-it is calling on UK businesses and organisations to recognise the risks that inadequately destroyed, electronically-stored information pose.

“In the increasingly digital workplace, businesses place emphasis on cyber security, and rightly so; however they often neglect physical digital storage, not realising the wealth of confidential information contained on these devices. You wouldn’t leave a stack of documents containing confidential information sitting in the corner of your office or in a store cupboard gathering dust, so why leave a hard drive where a data thief could easily access it?” warns Robert Guice, Senior Vice President Shred-it EMEAA.

He adds, “UK businesses continue to hugely underestimate the risks that unused or old electronic equipment left lying around the office poses to their business, as well as the serious impact that could occur if this information was to fall into the wrong hands.”

Simply deleting the information on hard drives does not mean that the information has been removed; this can only be ensured by physically destroying the hard drive.

Tony Neate, CEO of Get Safe Online[3], the leading source of information and online security advice, supported by the UK Government, adds, “Just as it is easy for criminals to extract data from your company’s electronic devices, even after the information has been deleted, it’s also easy to put the right procedures in place to keep your sensitive company data secure. Make sure you fully erase hard disks by either using a dedicated file deletion program or service, and physically destroy the hard drive so it is unusable. Taking your devices to a proper disposal facility and asking for a certificate is a good way of making sure this has been done properly and that no information will end up where you don’t want it to.”

Physically destroy all unused hard drives at the end of their useful lives. Using a third-party provider who has a secure chain of custody and provides written confirmation of destruction, can help give you peace of mind and ensure your data is being kept out of the hands of fraudsters

About the survey:
Ipsos MORI is one of the largest and best known research companies in the UK and a key part of the Ipsos Group, a leading global research company. With a direct presence in 60 countries our clients benefit from specialist knowledge drawn from our five global practices: public affairs research, advertising testing and tracking, media evaluation, marketing research and consultancy, customer satisfaction and loyalty.
Ipsos Mori conducted a quantitative online survey of two distinct sample groups: Small business owners in UK (all of which have fewer than 100 employees), and C-suite executives working for businesses in the UK with a minimum of 250 employees.

About Shred-it
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. The company operates in 170 markets throughout 18 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit www.shredit.co.uk.